https://transport.data.gouv.fr

Making traveler information accessible to everyone, everywhere in France, through open data.
Updated: about 1 hour ago

No information found in this category


Nmap

Scan Summary:

Severity
Listening service
Vulnerabilities
http (port:80)
tcpwrapped (port:179)
https (port:443)
socks (port:1080)
pvuniwien (port:1081)
ppp (port:3000)
ssh (port:5002)
amqp (port:5800)
unknown (port:5962)
tcpwrapped (port:9999)

Mozilla HTTP observatory

Detailed report

Scan Summary:

Impact
Description
Documentation

Content Security Policy (CSP) implemented unsafely. This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as https: inside object-src or script-src, or not restricting the sources for object-src or script-src.
Documentation: Doc Content Security Policy. The github.com/april/laboratory extension can generate the CSP for your application.

Cookies set without using the Secure flag or set over HTTP
Documentation: OWASP Session Management Cheat Sheet.

HTTP Strict Transport Security (HSTS) header not implemented
Documentation: Doc header Strict-Transport-Security (HSTS).

X-XSS-Protection header not implemented
Documentation: Doc header X-XSS-Protection.

Scan Summary:

Grade capped to A. HSTS is not offered

Expiration: 19/04/2024

Risk/Confidence
Name
PII Disclosure
CSP: Wildcard Directive
CSP: script-src unsafe-eval
CSP: script-src unsafe-inline
Content Security Policy (CSP) Header Not Set
Sub Resource Integrity Attribute Missing
Application Error Disclosure
Cross-Domain Misconfiguration
Missing Anti-clickjacking Header
Absence of Anti-CSRF Tokens
CSP: Notices
Strict-Transport-Security Header Not Set
Application Error Disclosure
Cookie Without Secure Flag
Cross-Domain JavaScript Source File Inclusion
Permissions Policy Header Not Set
X-Content-Type-Options Header Missing
Timestamp Disclosure - Unix
Dangerous JS Functions
Timestamp Disclosure - Unix
Sec-Fetch-Dest Header is Missing
Sec-Fetch-Mode Header is Missing
Sec-Fetch-Site Header is Missing
Sec-Fetch-User Header is Missing
Base64 Disclosure
Information Disclosure - Sensitive Information in URL
Modern Web Application
Non-Storable Content
Session Management Response Identified
Information Disclosure - Suspicious Comments
Re-examine Cache-control Directives
User Controllable HTML Element Attribute (Potential XSS)

Nuclei

Severity
Name
Matcher

CAA Record (matcher: caa-fingerprint)
DNS DMARC - Detect (matcher: dmarc-detect)
MX Record Detection (matcher: mx-fingerprint)
DNS TXT Record Detected (matcher: txt-fingerprint)
NS Record Detection (matcher: nameserver-fingerprint)
HTTP Missing Security Headers (matcher: x-permitted-cross-domain-policies)
HTTP Missing Security Headers (matcher: clear-site-data)
HTTP Missing Security Headers (matcher: strict-transport-security)
HTTP Missing Security Headers (matcher: content-security-policy)
HTTP Missing Security Headers (matcher: permissions-policy)
HTTP Missing Security Headers (matcher: x-content-type-options)
HTTP Missing Security Headers (matcher: cross-origin-resource-policy)
HTTP Missing Security Headers (matcher: x-frame-options)
HTTP Missing Security Headers (matcher: referrer-policy)
HTTP Missing Security Headers (matcher: cross-origin-embedder-policy)
HTTP Missing Security Headers (matcher: cross-origin-opener-policy)
robots.txt endpoint prober (matcher: robots-txt-endpoint)
security.txt File (matcher: security-txt)
Detect SSL Certificate Issuer (matcher: ssl-issuer)
SSL DNS Names (matcher: ssl-dns-names)
TLS Version - Detect (matcher: tls-version)

No information found in this category